new website : www.firewallleaktester.fr.st

Discussion in 'other firewalls' started by gkweb, Jun 7, 2003.

Thread Status:
Not open for further replies.
  1. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,721
    Location:
    Canada
    Hey gkweb

    Thanks, that’s a start; could you verify that Internet Explorer is the default browser and that Internet Explorer was not running at the time of the TooLeaky tests?
     
  2. gkweb

    gkweb Guest

    IE is not my default browser, but this doesn't matter because TooLeaky directly launches C:\program files\internet explorer\iexplore.exe
    (I can see it in Task Manager).

    Afterwards, I tested with IE launched and IE closed, and in both cases TooLeaky failed, so Outpost passes TooLeaky.

    regards,

    Guillaume/gkweb.

    P.S : got to go to bed now, cya ;)
     
  3. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,721
    Location:
    Canada
    Thanks, your detailed informatics is very necessary under these conditions.

    However I’m not surprised that with or without Internet Explorer running TooLeaky fails, however I’m interested in knowing if Opera being configured as Default browser and tested when running and not to see if Outpost will pass…

    Question; does the newest Outpost contain DLL Module Filtering now or not?
     
  4. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    Don't know if they call it filtering or what the technical name for it is but there are three options to choose from for monitoring dll changes, off, normal and high.
     
  5. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,721
    Location:
    Canada
    DLL Module filtering…

    Those 3 settings are probably relating to:

    #1. Application DLL Module filtering
    #2. System DLL Module filtering
    #3. System & Application DLL Module filtering

    I could be very mistaken however… :p
     
  6. Main

    Main Guest

    I'm using McAfee Personal Firewall 4.5 and I failed almost every single test on that page. I failed leak, pc audit and everything else.

    Does anyone know what to do? How do I configure this thing? The settings are on tight.

    Should I just trash it and get outpost?

    I failed Outbound too.
     
  7. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium - Liège
    Hello Phantom,

    My default browser is an exotic one which has NO access to the W3: it is, like Explorer and some other applications, among the blocked applications ;)

    For test purposes, I change to IE and then Opera as default browser and open them before performing the tests.
    I also ran the test with closed browsers.

    Regards,

    JacK

    WinXp Pro SP1 always up to date
     
  8. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium - Liège
    Hi root,

    Seems that OP v2 is not able to pass AWFT #1 :

    From the beta test system :
    2215 29/04/03 15:18:05 High Outpost 2.0.190.* 30/04/03 16:29:06 Failed test 1 AtelierWeb Firewall Tester assigned

    Rgds,
     
  9. _anvil

    _anvil Guest

    Hi,

    OP2 passes Tooleaky.
    How? Guys, just take a look at the logs! ;)

    TooLeaky starts a _hidden_ instance of IE to connect to a website. OP2 does no more than detect that there is a _hidden_ browser window, and blocks its internet access. At least this is what the OP2 log is saying... :)
    (This might only work, if IE is not a 'trusted' app - but why should we put it to trusted apps, when we can easily use a predefined IE-rule for it?)


    Perhaps you missed the point of 'Oops': it works only under WinNT/2000/XP, because only in these OSes are the DNS queries _normally_ not carried out by the apps themselves, but by 'svchost.exe' (DNS-client service). That's why it is impossible to create a DNS rule for specific apps (unless you disable the 'DNS-client service', which is a good way to pass Oops, btw - but this is not the achievement of your firewall...)!
    Read this: http://www.hackbusters.net/oops.html


    @Jack (or anyone else with SSM):
    Do you have WinXP? If yes, could you please download the newest version of 'copycat' and try it out? I just want to know, if something is wrong with my PC or with SSM... ;)
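
A simplified model of the point made in the post above, added here as an illustration and not part of the original thread or of Outpost's code: a firewall that binds rules to the process owning the socket evaluates a DNS lookup against svchost.exe whenever the DNS Client service is running. The rule set, the `leaktest.exe` name and the assumption that svchost.exe must be allowed UDP/53 for name resolution to work are all constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    process: str   # image name the rule is bound to
    proto: str
    port: int
    action: str    # "allow" or "block"

def socket_owner(app, dns_client_running, proto, port):
    """Process the firewall sees as owner of the outbound socket.
    With the DNS Client service running, lookups are sent by svchost.exe
    on behalf of the requesting application."""
    if dns_client_running and proto == "udp" and port == 53:
        return "svchost.exe"
    return app

def decide(rules, app, dns_client_running, proto="udp", port=53, default="block"):
    """Return (owner, action): first matching rule wins, else the default policy."""
    owner = socket_owner(app, dns_client_running, proto, port)
    for r in rules:
        if (r.process, r.proto, r.port) == (owner, proto, port):
            return owner, r.action
    return owner, default

def unlisted_apps_resolving(rules, apps, dns_client_running):
    """Audit check: apps with no DNS rule of their own whose lookups still leave the host."""
    listed = {r.process for r in rules if r.port == 53 and r.action == "allow"}
    return [a for a in apps
            if a not in listed and decide(rules, a, dns_client_running)[1] == "allow"]

# Constructed per-application rule set: global DNS rule removed, browser allowed,
# and svchost.exe allowed (assumption: needed for resolution while the service runs).
PER_APP_RULES = [
    Rule("iexplore.exe", "udp", 53, "allow"),
    Rule("svchost.exe", "udp", 53, "allow"),
]
APPS = ["iexplore.exe", "leaktest.exe"]   # leaktest.exe is a hypothetical unlisted program

if __name__ == "__main__":
    for running in (False, True):
        state = "running" if running else "stopped"
        for app in APPS:
            owner, action = decide(PER_APP_RULES, app, running)
            print(f"DNS Client {state}: {app} lookup seen as {owner} -> {action}")
        print("  unlisted apps that still resolve:",
              unlisted_apps_resolving(PER_APP_RULES, APPS, running))
```

With the service stopped the per-application rule holds; with it running the audit function flags the unlisted program, which matches what is reported later in the thread.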
     
  10. gkweb

    gkweb Guest

    Someone pointed out this fact to me: it's because my DNS Client service is disabled that Outpost passes Oops (I didn't do it on purpose, but for optimization).
    Knowing that, in normal conditions with the service enabled, Outpost doesn't pass Oops.

    And about AWFT, I don't know how people get 9/10 or 10/10; I did the tests a lot of times, explorer.exe not trusted, and I have only 5/10.

    regards,

    Guillaume/gkweb.
     
  11. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium - Liège
    Hullo,

    Yes, no problem with SSM with copycat current v.
    NB: Are you sure you are running the correct v of mchooknt.dll?
    I don't know whether on Max's site the modified dll comes with the distribution. I included it in the mirror when Max modified it.

    As for Oops, just untick the system rule for DNS in OP v2 and set a rule for each app.

    You may also do the same for the loopback rule : untick in System rule and add a rule only for apps needing it like IE or OE for instance.

    Rgds,
     
  12. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,721
    Location:
    Canada
    Hey gkweb

    You see why I said what I said?

    And do you see why it’s important to be as detailed as possible when saying this passes this and that… ;)
     
  13. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium - Liège
     
  14. gkweb

    gkweb Guest

    Yeah, I understand ;)
    Good job Phantom, it's only in this way that we can have the right results ^^

    And Jack, I'm sorry, but I already did what you say: I unchecked DNS for the system and created rules for just IE, for instance, but this works only when the DNS Client service is disabled. As soon as I start it, Oops goes through Outpost; that is the point that Oops wants to show.

    But don't worry, Outpost 2 is still a beta? So maybe they will correct it.

    -------
    @Guest MAIN

    Results on the website will help you to find a good firewall; just wait a little to see more results (it takes time to have the right ones...).
    --------

    regards,

    Guillaume/gkweb.

    P.S.: if someone can take a look at the poll POLL; I can't post it here, it's about the website, and I don't want to be charged with using this forum as my forum or with cross-posting :D
     
  15. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,721
    Location:
    Canada
    Hey Jack

    You said Outpost passes Oops but I did not see anyone post saying only with user’s intervention, kind of makes this irrelevant. Yes so you say Outpost passes, with user intervention and this need to be told in details how so…
     
  16. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,721
    Location:
    Canada
    Each person, when posting stating this and that passes this and that, really should provide details like the Operating System they are using and what’s currently running in the background, and other details like whether or not they are using Internet Explorer as Default browser or Opera or other-than, whether or not Internet Explorer or _?_ was running or not when these tests were performed…


    And if user intervention was required to make this or that pass Leaktests it should be included in ppl’s posts explaining how so, otherwise everyone’s post stating this or that passes this or that is irrelevant…
     
  17. _anvil

    _anvil Guest

    @Jack

    OP2:
    Is the 'DNS client' service running on your PC? As said above: your way of passing Oops doesn't work, if this service is running (which is WinXP default. :rolleyes: )

    Copycat & SSM:
    I am sure I have the most recent version of the hooking-dll (tried both the current SSM version _and_ the dll, Max posted in the thread about GOD2.) Furthermore, someone in another forum confirmed that SSM doesn't block current 'Copycat' (54 kB.)
    Does SSM really alert you with this 'NT_Open_Thread'-popup in your tests, which it did with older Copycat versions? Or does it only block the start of Copycat (which, of course, is not the way to pass the test.)
     
  18. gkweb

    gkweb Guest

    Thanks for the info, I will add the last version of copycat (mine = 52.5Ko, latest = 53.5Ko on my comp)

    :)

    And about GOD2, is it a leaktest too? can i have a link pls ?

    regards,

    Guillaume/gkweb.
     
  19. Bowserman

    Bowserman Infrequent Poster

    Joined:
    Apr 15, 2003
    Posts:
    510
    Location:
    South Australia
    G'day Guillaume/gkweb :).
    You can read some info on GOD2 in this thread:

    http://www.wilderssecurity.com/showthread.php?t=9276;start=30

    Start reading from where _anvil comes in.

    Hope that helps mate ;). Jade.
     
  20. gkweb

    gkweb Guest

    Thanks, very interesting, but it appears to be a trojan, not a leaktest, and it seems to hijack processes like thermite does, so should I add it to the website? (regardless of the fact that I didn't find the link...).
    If it is doing it in a way that other leaktests don't use, I should add it, but if not, I'll only add it if it's a leaktest; I don't want people to trojan themselves ;)

    regards,

    Guillaume/gkweb (as you want ^^).
     
  21. _anvil

    _anvil Guest

    Imho you shouldn't use GOD2 for your website:
    1) it is no leaktest,
    2) though its methods to inject code or dll's in other processes might slightly differ from the leaktests (I don't know, if so), there is after all no big difference.
    FWs with component control should be able to detect the new dlls, while other FWs will have their problems. Nothing really 'new.' :)
     
  22. Bowserman

    Bowserman Infrequent Poster

    Joined:
    Apr 15, 2003
    Posts:
    510
    Location:
    South Australia
    Glad you replied _anvil. I didn't know how to explain it!
    I definitely wouldn't put it on your website Guillaume - it certainly is no leaktest :D :D.

    Regards, Jade.
     
  23. gkweb

    gkweb Guest

    thanks for your opinion ;)


    Another thing, I'm forced to post here because I have no reply for now on my forum: is anyone interested in me adding a second board to show results against leaktests with default settings? It could be interesting to see what degree of protection an average user could have.
    (as you can see, it's a bit difficult sometimes to find highest settings ;) )

    regards,

    Guillaume.
     
  24. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium - Liège
    Hi,

    I get 2 warnings, the first allows Explore.exe will run copycat etc... If allowed, I get the second : copycat want to gain control on a thread in Opera.exe which I block.

    I don't run DNS client: no need for me. If I run it, no alert from OP v2.
    If I don't run it but standard DNS system rule : leak otherwise as described, no leak.

    Rgds,
     
  25. RabbitOnTheMoon

    RabbitOnTheMoon Registered Member

    Joined:
    May 20, 2003
    Posts:
    18
    > gkweb
    You've got a nice page! I've been looking for some kind of "collection" of all known leaktests for a long time. It seems, that now I'm lucky to know, where this collection is :)

    > _anvil
    Thanks for heads up! There really was a bug. It is now fixed (I hope finally). You can get a hotfix at:
    http://mc.webm.ru/mchooknt.dll
     